402 ◾ Official (ISC)
2
® Guide to the ISSMP® CBK®
© 2011 by Taylor & Francis Group, LLC
Questions
FAQs
Q: What do I need to do if I want to commence legal action for corporate espionage?
A: To successfully prosecute corporate espionage, it is necessary to prove that the
information has value. is can be a monetary value, a hidden value, or an eco-
nomic advantage to an adversary/competitor. You also need to demonstrate that
the information was protected and properly marked for protection, that policies
and procedures were in place, and that awareness training was instituted.
Q: Why shouldn’t I use passive voice when writing my reports?
A: “e author wrote the words in his diary” employs active voice. “e words in
the diary were written by the author” illustrates passive voice. When writing
a report, avoid any form of the verb to be, such as is, are, was, and were. Read
your writing aloud; you’ll nd that passive voice can lead you to lapse into a
sing-song schoolchild reading his “what I did last summer” essay out loud. It
is much more dicult to take passive voice seriously.
Q: What is considered public domain?
A: Like all things, copyright protection eventually ends; it is only a “limited
monopoly.” When copyrights expire, they fall into the public domain. With
a number of exceptions, public domain works may be unreservedly copied or
used in the production of derivative works without either the permission or
the authorization of the former copyright holder. At some stage in the Clinton
administration, the contentious Sonny Bono Copyright Term Extension Act
(CTEA) passed into law. is Act added 20 years to most copyright terms. It
also created a moratorium that, in eect, stops any new works from entering
the public domain until 2019. e bill was enacted to ensure protection for
U.S. works in the foreign market.
Q: What is wrong with using acronyms in my reports?
A: ree-letter acronyms (TLAs) are the bane of all good reports. Acronyms
often conict within similar spheres. However, when you take a range of dif-
ferent occupations and knowledge elds, people start to read dierent mean-
ing into this technical jargon. e result is that the report is less clear to the
average reader.
Q: I work for an ISP in the United States and have discovered child pornography on
a Web site we host. What should I do?
A: Under the Protection of Children from Sexual Predators Act of 1998 (Sexual
Predators Act), ISPs are required to notify law enforcement of Web sites con-
taining child pornography on their server(s). Failing to report it could mean
that the ISP will be ned.